VMware: Getting Started

Registering in the Selectel Control Panel

To enable the Cloud powered by VMware, you must first be fully registered in the Selectel control panel (registration tutorial).

Enabling Cloud powered by VMware

Ensure you have at least 100 rubles in your Cloud powered by VMware service balance. For instructions, please see VMware Payment and Billing.

Open the Cloud powered by VMware tab in the control panel and click Create VDC.

Select a storage type; resource limits are set automatically.


Please note: Limits can be increased upon request.

Flash and HTML5 versions of vCloud Director are available.

Note: Not all vCloud Director functions are available in the HTML5 version. The instructions below are for the Flash console.

You will be sent a ticket containing a link to the vCloud Director web panel as well as your login and password.


We strongly recommend changing your password the first time you log into vCD.

After entering your login and password, you will be able to access the vCloud Director panel, which consists of the following sections:

  • Home
  • My Cloud
  • Catalogs
  • Administration

Home

The Home section displays a list of your current vApps and provides a quick access panel with the basic vCloud Director functions:

  • Add vApp from Catalog
  • Add vApp from OVF
  • Build New vApp


My Cloud

In the My Cloud section, you can view your available items:

  • vApps (containers)
  • VMs (virtual machines)
  • Expired Items
  • Logs


Here you can configure and perform operations with the above-mentioned items.

Catalogs

In the Catalogs section, you can view public and custom catalogs, vApp templates, and disk images.


Administration

The Administration section displays:

  • Virtual Datacenters
  • Virtual Datacenter templates
  • Organization settings


Here you will also find user information, and you can add new users and manage access settings for existing users.

Creating vApps with Internet Access

Creating vApps with One Virtual Machine from a Template

To create a vApp with one virtual machine from a pre-installed template from the VMware vCloud Director panel, choose an existing vApp template:

1. Under Home, click Add vApp from Catalog, or under My Cloud, click the green plus sign in vApps.


2. The Add vApp from Catalog window will open. From the Look in drop-down menu, select Public Catalogs.


A list of available vApp templates with pre-installed operating systems will be displayed in the table. Choose a template, like Ubuntu 16.04, and click Next.

3. Enter a Name (this can be left as is) and a Description (optional). Click Next.

4. You can change the name of your virtual machine, if need be, in the Configure Resources tab. Click Next.

5. In Configure Networking, you can enter a network that your VM's network adapter will connect to. Click Next.

6. Under Customize Hardware, you can set the following parameters:

  • # of vCPU
  • cores per socket
  • RAM
  • disk space

7. Open the Ready to Complete tab and review your settings.

You can automatically launch your vApp by checking Power on vApp after this wizard is finished. Click Finish.

Note: You will have to wait while the virtual machine is created in the vApp container, which may take some time.

Connecting a vApp to the Internet

Creating an Org VDC Network

To create a network:

1. Open the Administration section. Left-click the Virtual Datacenters field and then double-click the desired virtual datacenter.

2. Open the Org VDC Networks tab and click the green plus sign.

3. In the new window, choose the network type with Internet access: routed network. Click Next.

4. Under Configure Network, fill in the following network settings:

  • Gateway address, such as 192.168.0.1
  • Network mask, such as 255.255.255.0
  • Primary DNS, such as 188.93.16.19
  • Secondary DNS, such as 188.93.17.19
  • For Static IP pool, enter an address range that can later be automatically attached to your virtual machines

Note: Addresses should be in the format xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy, where xxx.xxx.xxx.xxx is the first address in the subnet and yyy.yyy.yyy.yyy is the last address. For example, 192.168.0.2-192.168.0.20. Addresses from this pool will be allocated to your virtual machines. The number of available IP addresses will be displayed below (total: 50).

Click Next.

5. Enter a network name and description of the network (optional).

6. Check your settings and click Finish.

Your organization now has a network.

Configuring NAT Rules

Important! Before configuring NAT rules, you must first identify and enter the external IP address. For NAT to function properly, the firewall must be enabled. Double-check that the firewall is enabled!

Virtual Datacenter External IP Address

To identify the external IP address:

  1. In the Administration section, open the Edge Gateways tab.
  2. Right-click the relevant edge and select Properties.
  3. In the open window, the external IP address will be shown under the Configure IP Settings tab.


What Is NAT

NAT (Network Address Translation) is a technology that converts private IP addresses to external IPv4 addresses. This is how virtual machines gain access to the Internet. Networks typically use private (grey) IP addresses, which are not used on the Internet.

Private IP addresses, also known as internal, inter-network, local, and grey addresses, can be used by any organization at its discretion without registering them with any authority. To access the Internet, a white (public) IP address is required, which will "mask" one or several private IP addresses. The NAT mechanism translates grey addresses to white addresses and vice versa. This is how a fully private network can connect to the Internet with one public IP address (or address pool) assigned by a provider. Consequently, this keeps the global address supply from being quickly exhausted. NAT is also important in terms of security: by translating private IP addresses from the router's pool to a public address, you can hide your internal network's topology from external users, which makes it harder to access network resources without proper authentication.

Creating SNAT Rules

To access the Internet from a local network, SNAT rules must be configured:

1. In the Administration section, double-click your virtual datacenter and open the Edge Gateways tab.

2. Right-click the desired edge and choose Edge Gateway Services. In the new window, open the NAT tab and click Add SNAT.

3. In the new window, fill in the following fields:

  • for Applied on, select the external network (not the Org VDC Network!)
  • for Description, enter a description for the SNAT (optional)
  • for Original (Internal) source IP/range, enter the internal address range, such as 192.168.0.0/24
  • for Translated (External) source IP/range, enter the external IP address for your edge router


4. Click OK.

Creating DNAT Rules

DNAT is a mechanism that changes a packet's destination address and port. This is used for forwarding incoming packets from an external address/port to a private IP address/port within the private network.

To receive packets from the Internet, DNAT rules must be configured:

1. In the Administration section, double-click your virtual datacenter and open the Edge Gateways tab.

2. Right-click the relevant edge and select Edge Gateway Services.

3. In the new window, open the NAT tab and click Add DNAT. Fill in the following fields:

  • for Applied on, choose an external network (not the Org VDC Network!)
  • for Description, enter a description for the DNAT rule (optional)
  • for Original (External) IP/range, enter the external IP address
  • for Protocol, select ANY
  • for Translated (Internal) IP/range, enter the internal subnet, such as 192.168.0.0/24
  • for Translated Port, select ANY


4. Click OK.

Configuring Firewalls

To configure a firewall:

1. In the Administration section, double-click your virtual datacenter and open the Edge Gateways tab. Right-click the relevant edge and select Edge Gateway Services. In the new window, open the Firewall tab.

2. The Default option will be automatically set to Deny, meaning the firewall will block all traffic. To allow traffic, configure rules by clicking Add.

Note: If the default option is set to Allow, the firewall will only block defined session parameters; if the default option is set to Deny, the firewall will only allow defined session parameters.

3. In the new window, fill in the following fields:

  • for Name, enter a name for the rule, such as Internet
  • for Source, enter the necessary source address: a single IP address, IP range, CIDR, or one of the following variables:
    • Internal - all internal networks
    • External - all external networks
    • Any - any network
  • for Source Port, choose the source port. This can be one port, a range of ports, or all ports (ANY)
  • for Destination, choose the receiving address. This follows the same format as the Source field (e.g., External)
  • for Destination Port, choose the receiving port. The port can also be entered manually or left as Any
  • for Protocol, choose the appropriate protocol (or Any)
  • for Action, choose the required action (allow or deny)

4. Click OK.

Connecting Virtual Machines to the Internet

To connect a virtual machine to the Internet:

1. In the My Cloud section, open the vApps tab and open your vApp. Click the Virtual Machines tab and right-click the virtual machine you wish to connect. Select Properties from the drop-down menu.

2. In the new window, open the Hardware tab. Select NICs. Choose your Org VDC Network and check the Connected column. Click OK.

3. For the changes to come into effect, your vApp will have to recustomize. To do this, return to the Virtual Machines tab, right-click the virtual machine, and select Power On and Force Recustomization from the drop-down menu.

4. If everything was configured properly, vApp Diagram will show the virtual machine connected to the network.

The Virtual Machine will now be connected to the Internet.

Configuring SSH/RDP Access to Virtual Machines

Note: Before configuring NAT rules, you must first identify and enter the external IP address.

To configure SSH access, open port 22 (for RDP access, open port 3389). You will have to create a DNAT rule:

1. Under Administration, double-click your virtual datacenter.

2. In the new menu, open the Edge Gateways tab. Right-click the necessary edge and select Edge Gateway Services.

3. In the new menu, open the NAT tab and click Add DNAT:

  • for Applied on, choose an external network
  • for Description, enter a description for the DNAT rule: SSH (or RDP)
  • for Original (External) IP/range, enter the external IP address
  • for Protocol, select the appropriate protocol
  • for Original Port, enter 22 (for RDP access, enter 3389)
  • for Translated Port, enter 22 (for RDP access, enter 3389)
  • for Translated (Internal) IP/range, enter the virtual machine's internal IP address, such as 192.168.0.1

Note: It's better to use a non-standard port (like 5522) or enter a list of permitted IP addresses that are allowed to connect.

4. Click OK.

5. Open the Firewall tab and create a rule with the following parameters:

  • for Name, enter a rule name, like Allow SSH
  • for Source, enter the necessary source address, like Any
  • for Source Port, choose the source port. This can be one port, a range of ports, or all ports (with the Any variable)
  • for Destination, enter the receiving address, such as Any
  • for Destination Port, assign the receiving port as 22
  • for Protocol, select TCP
  • for Action, select Allow

6. Click OK.

After your virtual machine recustomizes, you will be able to connect to it via SSH.

Note: You can similarly configure HTTP connections (port 80).
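The following Python script is an added example, not part of the original article and not vCloud Director code. It models the DNAT and firewall fields from the steps above as plain dictionaries and reports which forwarded services an arbitrary Internet host could reach, contrasting Source set to Any with a list of permitted addresses. The dictionary layout, all sample addresses, top-down first-match rule evaluation, and matching the firewall against the DNAT Original Port are assumptions.

```python
import ipaddress

MGMT = {22: "SSH", 3389: "RDP"}
PROBE = ipaddress.ip_address("198.51.100.7")  # constructed: an arbitrary Internet host

def source_matches(spec, ip, internal):
    """Firewall Source field: Any, Internal, External, a single IP or a CIDR."""
    if spec == "Any":
        return True
    if spec in ("Internal", "External"):
        return (ip in internal) == (spec == "Internal")
    return ip in ipaddress.ip_network(spec, strict=False)

def decide(fw, ip, port, proto, internal):
    """Assumption: rules are checked top-down, first match wins, else Default."""
    for r in fw["rules"]:
        if (source_matches(r["source"], ip, internal)
                and r["destination_port"] in ("Any", port)
                and r["protocol"] in ("Any", proto)):
            return r["action"]
    return fw["default"]

def audit(dnat_rules, fw, internal_cidr):
    """List DNAT rules that are over-broad or reachable from any Internet source."""
    internal = ipaddress.ip_network(internal_cidr)
    findings = []
    for d in dnat_rules:
        if "ANY" in (d["protocol"], d["original_port"]):
            findings.append(f"{d['description']}: forwards every protocol/port; only the firewall limits it")
        # Assumption: the firewall sees the DNAT rule's Original Port.
        elif decide(fw, PROBE, d["original_port"], d["protocol"], internal) == "Allow":
            svc = MGMT.get(d["translated_port"], "service")
            findings.append(f"{d['description']}: {svc} on {d['translated_ip']} open to any source")
    return findings

# Constructed sample data mirroring the fields filled in above.
SSH_DNAT = {"description": "SSH", "protocol": "TCP", "original_port": 22,
            "translated_port": 22, "translated_ip": "192.168.0.5"}
WIDE_DNAT = {"description": "all-in", "protocol": "ANY", "original_port": "ANY",
             "translated_port": "ANY", "translated_ip": "192.168.0.0/24"}
FW_ANY = {"default": "Deny", "rules": [{"name": "Allow SSH", "source": "Any",
          "destination_port": 22, "protocol": "TCP", "action": "Allow"}]}
FW_ADMIN_ONLY = {"default": "Deny", "rules": [{"name": "Allow SSH", "source": "203.0.113.0/24",
                 "destination_port": 22, "protocol": "TCP", "action": "Allow"}]}

if __name__ == "__main__":
    for name, fw in (("Source=Any", FW_ANY), ("Source=admin CIDR", FW_ADMIN_ONLY)):
        print(name, audit([SSH_DNAT, WIDE_DNAT], fw, "192.168.0.0/24"))
```

With Source set to Any the SSH forward is reported as open to every host; restricting Source to the constructed admin range 203.0.113.0/24 clears that finding while the Default action stays Deny.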

Guest OS Login/Password

Login

The login for all virtual machine templates is root.

Password

In My Cloud under vApps, right-click your virtual machine and select Properties. Your password will be shown in the Description field.

To change this password:

1. Power off the virtual machine.

2. In the VMs tab under My Cloud, right-click the virtual machine and select Properties.

3. In the new window, open the Guest OS Customization tab. Check the Enable guest customization field and select the Auto Generate Password option or enter your own password in the Specify Password field.

4. Click OK to save your changes.

Note: Passwords should meet the following requirements:

  • be at least six characters long
  • include a combination of at least three of the following four elements:
    • uppercase letters (latin alphabet)
    • lowercase letters (latin alphabet)
    • numbers (0 to 9)
    • non-alphanumeric characters (!, $, #, %)

5. Open the vApp containing the virtual machine, right-click the VM and select Power On and Force Recustomization.

6. Once the virtual machine has been launched, click the VM name to open the web console. Enter the login "root" and the relevant password (either the automatically generated password or the password you assigned).

Note: As a security measure, passwords are not displayed during login; passwords must be entered manually.